Viewing users and groups assigned to a role
To view the AWS Managed Microsoft AD users and groups assigned to an IAM role, perform the following steps.
Prerequisites
- Create a role that has a trust relationship with AWS Directory Service. For an existing IAM role, you'll need to edit its trust relationship.
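One way to check this prerequisite offline, as an added example that is not part of the original page or AWS's own code: it reports which roles' trust policies let the Directory Service principal `ds.amazonaws.com` call `sts:AssumeRole`, and so which roles can have directory users and groups assigned. It assumes role records shaped like the `Roles` list returned by `aws iam list-roles`; the role names and sample policies are constructed, and `Condition` and `NotPrincipal` elements are not evaluated.

```python
import json

DS_PRINCIPAL = "ds.amazonaws.com"  # AWS Directory Service service principal
ASSUME = {"sts:assumerole", "sts:*", "*"}  # action patterns that cover sts:AssumeRole

def _as_list(value):
    """IAM allows a single string or a list of strings in most fields."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _names_ds(stmt):
    """True if the statement names ds.amazonaws.com together with sts:AssumeRole."""
    principal = stmt.get("Principal")
    if not isinstance(principal, dict):
        return False  # e.g. "*": not a service principal entry
    services = {s.lower() for s in _as_list(principal.get("Service"))}
    actions = {a.lower() for a in _as_list(stmt.get("Action"))}
    return DS_PRINCIPAL in services and bool(actions & ASSUME)

def trusts_directory_service(trust_policy):
    """Check a role trust policy (dict or JSON string) for Directory Service trust.

    Simplification: Condition and NotPrincipal elements are not evaluated.
    """
    doc = json.loads(trust_policy) if isinstance(trust_policy, str) else trust_policy
    stmts = [s for s in _as_list(doc.get("Statement")) if _names_ds(s)]
    allowed = any(s.get("Effect") == "Allow" for s in stmts)
    denied = any(s.get("Effect") == "Deny" for s in stmts)  # explicit Deny wins
    return allowed and not denied

def roles_assignable_from_directory(roles):
    """Filter role records shaped like the Roles list from `aws iam list-roles`."""
    return [r["RoleName"] for r in roles
            if trusts_directory_service(r["AssumeRolePolicyDocument"])]

def sample_policy(service, action="sts:AssumeRole", effect="Allow"):
    """Build a one-statement trust policy for the constructed samples below."""
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": effect, "Principal": {"Service": service}, "Action": action}]}

# Constructed sample data; role names are hypothetical.
SAMPLE_ROLES = [
    {"RoleName": "ExampleADReadOnly", "AssumeRolePolicyDocument": sample_policy("ds.amazonaws.com")},
    {"RoleName": "ExampleEC2App", "AssumeRolePolicyDocument": sample_policy("ec2.amazonaws.com")},
    {"RoleName": "ExampleShared", "AssumeRolePolicyDocument":
        sample_policy(["lambda.amazonaws.com", "ds.amazonaws.com"], ["sts:AssumeRole"])},
]

if __name__ == "__main__":
    print(roles_assignable_from_directory(SAMPLE_ROLES))
```

Roles this check reports are the ones worth reviewing in the console procedure below, since each can carry directory user and group assignments.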
To view AWS Managed Microsoft AD users and groups assigned to an IAM role
- In the AWS Directory Service console navigation pane, under Active Directory, choose Directories.
- On the Directories page, choose your directory ID.
- On the Directory details page, do one of the following:
  - If you have multiple Regions showing under Multi-Region replication, select the Region where you want to view your assignments, and then choose the Application management tab. For more information, see Primary vs additional Regions.
  - If you do not have any Regions showing under Multi-Region replication, choose the Application management tab.
- Scroll down to the AWS Management Console section. The Status should be Enabled. If not, choose Actions and Enable. For more information, see Enabling AWS Management Console access with AWS Managed Microsoft AD credentials.
  Note: You won't see any groups or users if the AWS Management Console is disabled.
- Under the Delegate Console Access section, select the hyperlink of the IAM role you want to view. Alternatively, you can select View policy in IAM to view the IAM policy in the IAM console.
- On the Selected role page, under the Manage users and groups for this role section, you can view the users and groups assigned to the IAM role.